- All Exams Instant Download
Which of the following methodologies should be used to BEST meet the client's expectations?
autonumA client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?A . OWASP Top 10B . MITRE ATT&CK frameworkC ....
Which of the following BEST characterizes the function performed by lines 5 and 6?
autonumGiven the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?A . Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10B . Performs a single DNS query for www.comptia.org and prints the raw data outputC . Loops through variable b to...
autonumDRAG DROP
autonumDRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...
autonumWhich of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
autonumWhich of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53B . OWASP Top 10C . MITRE ATT&CK frameworkD . PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework
autonumWhich of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
autonumWhich of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A
Which of the following vulnerabilities has the tester exploited?
autonumA penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgeryB ....
autonumWhich of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
autonumWhich of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . WiresharkB . EAPHammerC . KismetD . Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...
autonumDuring a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:
autonumDuring a penetration test, the domain names, IP ranges, hosts, and applications are defined in the: A. SOW. B. SLA. C. ROE. D. NDAView AnswerAnswer: C Explanation: https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%20dates,limits%2C%20or%20out%20of %20scope.
autonumWhich of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
autonumWhich of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?A . NessusB . MetasploitC . Burp SuiteD . EthercapView AnswerAnswer: B
autonumCORRECT TEXT
autonumCORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
